As an increasing number of applications and services are being made available over networks such as the Internet, an increasing number of content, application, and/or service providers are turning to technologies such as cloud computing. Cloud computing, in general, is an approach to providing access to electronic resources through services, such as Web services, where the hardware and/or software used to support those services is dynamically scalable to meet the needs of the services at any given time. A user or customer typically will rent, lease, or otherwise pay for access to resources through the cloud, and thus does not have to purchase and maintain the hardware and/or software needed.
A potential disadvantage to such an approach, at least from a customer point of view, is that the resources typically are at a location under control of the provider of those resources, and thus are out of the direct control of the customer. In order to help ensure that resources allocated to the customer perform tasks only under direction of that customer, customer or provider can utilize one or more security policies that can be used to indicate which requests requiring access to those resources should be allowed, and which should be denied. These security policies can be expressed using a policy language and they can be evaluated by a policy evaluation engine. Some difficulties arise, however, for customers to create and manage the various security policies. For example, some customers of the service provider may prefer to express their respective security policies using different formats, policy languages or interfaces than other customers of the service provider.